Swiss electricity providers are vulnerable to Colonial Pipeline-style ransomware attacks, according to a report from the Swiss Federal Office for Energy.
While certain weaknesses against cyberattacks have previously been identified, progress towards protecting Switzerland’s electricity grid appears to be slow, says the Neue Zürcher Zeitung newspaper.
Several companies surveyed for the energy ministry report have only achieved basic protection against cyberattacks – a score of one on a sliding scale of 0-4.
Energy providers should have reached a score of 2.6 by now, energy ministry expert Matthias Galus told the NZZ. The report called the results “sobering” and said they demonstrated a “fundamental need for action”.
Only 124 of 750 firms targeted by the survey responded. “This low participation rate for a topic that is so important for the security of [energy] supply in the digital era amazed me,” Galus said.
The Association of Swiss Electricity Companies did not comment directly on the survey but told the Swiss News Agency Keystone-SDA that its members took cyber security seriously and were working towards long-term solutions.
US example
The threat of cyberattacks on energy providers was highlighted by a successful ransomware attack on the United States oil and gas provider Colonial Pipeline earlier this year, which seriously disrupted supply to the southeastern US.
In 2018, the Swiss government set minimum IT security standards for critical infrastructure but allowed companies to self-regulate their compliance.
Last year, the government set up a study to better identify weak points with the aim of tightening up legislation by the end of this year. The plan is to oblige critical infrastructure firms (in areas such as energy, healthcare, water supply, transport and finance) to report directly to the National Cybersecurity Centre.
The recent energy ministry survey noted that “the current lead of the EU states in the field of cyber security and resilience currently appears to be considerable.”